CWE · MITRE source
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-27 | Platform-independent Applications | SC | Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2017-7269 KEV | 9.6 | 9.8 | 0.9441 | 2017-03-27 |
| CVE-2020-15999 KEV | 9.5 | 9.6 | 0.9291 | 2020-11-03 |
| CVE-2016-10174 KEV | 9.4 | 9.8 | 0.9107 | 2017-01-30 |
| CVE-2019-11043 KEV | 9.4 | 8.7 | 0.9405 | 2019-10-28 |
| CVE-2016-6366 KEV | 9.2 | 8.8 | 0.9121 | 2016-08-18 |
| CVE-2007-5659 KEV | 9.1 | 7.8 | 0.9287 | 2008-02-12 |
| CVE-2018-6789 KEV | 9.1 | 9.8 | 0.8644 | 2018-02-08 |
| CVE-2016-0099 KEV | 9.0 | 7.8 | 0.8996 | 2016-03-09 |
| CVE-2013-1331 KEV | 8.9 | 7.8 | 0.8892 | 2013-06-12 |
| CVE-2020-15069 KEV | 8.9 | 9.8 | 0.8257 | 2020-06-29 |
| CVE-2013-0641 KEV | 8.8 | 7.8 | 0.8796 | 2013-02-14 |
| CVE-2022-37055 KEV | 8.8 | 9.8 | 0.8048 | 2022-08-28 |
| CVE-2023-41064 KEV | 8.7 | 7.8 | 0.8535 | 2023-09-07 |
| CVE-2006-2492 KEV | 8.2 | 8.8 | 0.7408 | 2006-05-20 |
| CVE-2010-2572 KEV | 8.0 | 7.8 | 0.7472 | 2010-11-10 |
| CVE-2022-37434 | 7.5 | 9.8 | 0.9274 | 2022-08-05 |
| CVE-2019-16724 | 7.1 | 9.8 | 0.8573 | 2019-09-24 |
| CVE-2020-8012 | 7.0 | 9.8 | 0.8389 | 2020-02-18 |
| CVE-2017-15222 | 6.9 | 9.8 | 0.8159 | 2017-10-24 |
| CVE-2019-12255 | 6.9 | 9.8 | 0.8238 | 2019-08-09 |
| CVE-2020-11984 | 6.7 | 9.8 | 0.7968 | 2020-08-07 |
| CVE-2010-5333 | 6.6 | 9.8 | 0.7702 | 2019-09-13 |
| CVE-2009-0182 | 6.5 | 8.8 | 0.7902 | 2009-01-20 |
| CVE-2017-6862 KEV | 6.5 | 9.8 | 0.4311 | 2017-05-26 |
| CVE-2019-12518 | 6.5 | 9.8 | 0.7484 | 2019-12-02 |